<?php  

include_once('./db.conf');
// Connects to your Database 
mysql_connect(DBHOST, DBUSER, DBPASS) or die(mysql_error()); 
mysql_select_db(DBDBNAME) or die(mysql_error()); 

if(isset($_COOKIE['AdminCookie'])){
 if(isset($_POST['submit'])){
$name = $_POST['name']; 
$passwd = $_POST['passwd']; 
$newpassword = $_POST['newpassword'];  

if(!$result= mysql_query("SELECT passwd FROM admins WHERE name='$name'"))  
{  
echo "The username you entered does not exist";  
}  
else {
$row=mysql_fetch_array($result);
if($row['passwd']!=$passwd)  
{  
echo "You entered an incorrect password";  
}  
else if ($newpassword!=""){  
    $sql=mysql_query("UPDATE admins SET passwd='$newpassword' where name='$name'");  
    if($sql)  
    {  
    echo "Congratulations You have successfully changed your password";  
    } 
}
else 
	echo "New Password Can Not Be Left Empty...";
}
}
else 
{	
?>


<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0">
<tr><td> User Name:</td><td>
<input type="text" name="name" maxlength="60">
</td></tr>
<tr><td> Olde Password:</td><td>
<input type="password" name="passwd" maxlength="10">
</td></tr>
<tr><td>New Password:</td><td>
<input type="password" name="newpassword" maxlength="10">
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Submit"></th></tr> </table>
</form>

<?php 
} 
}
else
	die('Session Expired Please Login...');
?>